NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
WPA3 issues
I just repalced my RBK52 to RBK852 and so far everything works great except major WPA3 hiccup
I thought WPA3 supposed to be a backward compatible but some devices cannot connect the network if I set it up as WPA3 Personal.
also weirdly enough, my iPhone 11 Pro and iMac sometimes disconnects from the network and cannot reconnect back onto it.
I had to roll it back to WPA2 Personal and having no issue with it.
34 Replies
WPA is not backwards compatible from what I understand. WPA3 is it's own new standard and any client device you have needs to be upgraded to also support WPA3. I know that Apples iOS 13 preview supports it. I believe newer Android OS supports it as well.
Hopefully NG will come out with a mixed WPA2 and WPA3 mode that would be supporting of both modes for those devices that don't get upgraded to WPA3.
Both my iMac and iPhone 11 Pro runs on newest developer preview build of the OS. They don't have any issue creating initial connection to RBK852's WPA3 network then randomly drops out the connection.
and also, if I remember correctly, WPA3 spec should include backward compatibility to WPA2 devices
I've only tested WPA3 out for a short while. I didn't see any issues with my iphone. Since thats the only device I have currently that supports it. I changed back to WPA2 and AES.
I would review the spec to see if it's supposed to be back wards compatible or not. WPA2 was not backwards compatible with WPA. WPA2 has two modes, TPIK an AES. Most router mfrs inplemented a mixed WPA and WPA2 mode setting that allowed WPA and WPA2 devices to connect to the same router at the same time using the different security modes. This is what provides backwards compatibility. Also device Mfrs will need to update there devices as well to support WPA3.
WPA3 is SAE, Simultaneous Authentication of Equals. I see two modes, Personal and Enterprise.
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security
It will be up to both device Mfr and router mfrs to implement this I presume as we have seen in the past with WPA and WPA2.
Product (not included in the dropdown list): RBS850 Orbi Satellite
Firmware: V3.2.10.11_1.2.12
Upgraded firmware on the router and satellite. Both rebooted successfully. I updated the security protocol to WPA3-Personal, and now the satellite no longer appears in the network, not on the app or the UI login screen. Rebooting and resetting has not solved the issue.
I just checked mine. Mine was using WPA2 and AES only in AP mode. I first turned off the RBSs, changed to WPA3 and applied the change. I powered on the two RBS one at a time. They both appeared eventually in the RBRs status page as satellites and were connected wirelessly.
kickingyourself wrote:Product (not included in the dropdown list): RBS850 Orbi Satellite
Firmware: V3.2.10.11_1.2.12
Upgraded firmware on the router and satellite. Both rebooted successfully. I updated the security protocol to WPA3-Personal, and now the satellite no longer appears in the network, not on the app or the UI login screen. Rebooting and resetting has not solved the issue.
Uugh, wish they would update rbs850 fw to support wpa2/wpa3 mixed mode. Can't secure the rest of the network on wap3 until they do this.
The problem with WPA2+WPA3 mixed mode is less with the AP (respectively the orbi in this case), but with clients simply not working correctly with such a network. Especially Apple- but also some Android 10 devices simply don't connect in this configuration (they can connect to a pure WPA3 network or a pure WPA2 network), fixing this will probably have to be done on the client side (in other words, it's not likely to happen). Netgear probably disabled mixed mode to ease their support burden, as it affects the most common wireless devices around.
Are there alternatives to mixed mode? Technically yes, the hardware should be able to run multiple AP interfaces (VAP) on the same radio, so one dedicated network for WPA2 and another for WPA3, with different ESSID (similar to the guest mode, just with different routing/ filtering semantics) and PSK settings. This would work, but it's obviously not the prettiest solution and quite prone to user confusion (why do I need to select two different ESSIDs and PSKs for my single network - which network do I need to connect to).
I got information from NG, Seems to echo what you mentioned about clients being the problem. They said there is new data streams in the beacon standard when WPA3 is enabled, that older wifi drivers on the client side can't seem to decode this correctly correctly. This is someting that NG and probably all other wifi router mfrs have no control over. Seems this is a problem industry wide on the client side which the client side HW mfrs will have to bring updates too. NG can't give any time frame on any other fixes or information on WPA3.
I presume WPA3 is still in development and needs some growth time from the development group who over sees the WPA seucity core code. They and the all the client side HW developers will need to get this all figured out. Probably will take time so seeing mixed mode and or any kind of full backward compatibility with client side HW will be in the future I hope. I presume some mfrs may not update any legacy devices as well.
For now, WPA2 and AES is best for most current wifi devices for best compatibility.
pkgadd wrote:The problem with WPA2+WPA3 mixed mode is less with the AP (respectively the orbi in this case), but with clients simply not working correctly with such a network. Especially Apple- but also some Android 10 devices simply don't connect in this configuration (they can connect to a pure WPA3 network or a pure WPA2 network), fixing this will probably have to be done on the client side (in other words, it's not likely to happen). Netgear probably disabled mixed mode to ease their support burden, as it affects the most common wireless devices around.
Are there alternatives to mixed mode? Technically yes, the hardware should be able to run multiple AP interfaces (VAP) on the same radio, so one dedicated network for WPA2 and another for WPA3, with different ESSID (similar to the guest mode, just with different routing/ filtering semantics) and PSK settings. This would work, but it's obviously not the prettiest solution and quite prone to user confusion (why do I need to select two different ESSIDs and PSKs for my single network - which network do I need to connect to).
Eero doesn't seem to have an issue running WPA2/WPA3 concurrently. All of my older IoT-type devices connected fine with it. Rather disappointed that, especially for the price, the RBR850 doesn't support it.
Hardware Version: RBR850
Firmware Version: V3.2.16.6_1.4.4
GUI Language Version: V3.0.0.49_2.1.30.3
Sorry to be late to this thread. I was just thinking of switching my RBR/RBS network to WPA3-Personal [SAE] but wondered, "am I going to regret this?" Except for a somewhat dated Samsung TV, I *think* that all of my (mostly Apple) devices should work....
Make sure that ALL of your devices support WPA3. I would guess that most may not. Not alot of client side devices support WPA3, especially older devices. Check with the Mfr of thsse devices for additional help and information regarding this.
CrazyEddie wrote:Sorry to be late to this thread. I was just thinking of switching my RBR/RBS network to WPA3-Personal [SAE] but wondered, "am I going to regret this?" Except for a somewhat dated Samsung TV, I *think* that all of my (mostly Apple) devices should work....
If all your devices support WPA3, there's no reason to regreat it. WPA3 fixes some security weaknesses and makes IEEE 802.11w mandatory, which is long overdue.
The only problem is interoperability with devices in the wild, sadly including brandnew ones (and IoT in particular). If all your devices support it, great - sadly the situation is different for most of us, partially because of older device, partially because of contemporary IoT devices, partially because of brandnew devices where the vendor messed up and doesn't really support WPA3 despite claiming to do so, partially because you may have friends and family coming over with non-WPA3-compliant devices.
But, there's no harm done in trying - if it succeeds in your environment, great.
I wonder if Netgear has any plan to add WPA2 + WPA3 mode to their older Orbi models since I just found out myself that new RBKE960 family supports that exact mode I was wanted previously on RBK850 family. I'm happy with my new RBKE963 but it'd be very nice to have that feature added to the older models too.
We have asked about this.
